*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
Log line matching does not account for the fact that for small kernel
timestamps, there can be space at the beginning of the stamp.
Marking as security as not having a proper report of blocked connexions
reduces auditing capacities
Here is an example of a log line that would not work, because of the
space in the timestamp "[ 1690.227087]"
Apr 18 18:05:37 rack1 kernel: [ 1690.227087] fw: IN= OUT=eth0
SRC=166.78.158.192 DST=72.14.183.239 LEN=76 TOS=0x00 PREC=0xC0 TTL=64 ID=0 DF
PROTO=UDP
SPT=123 DPT=123 LEN=56
have fun,
Frank
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: fwlogwatch 1.2-2
ProcVersionSignature: Ubuntu 3.2.0-41.66-generic 3.2.42
Uname: Linux 3.2.0-41-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.2
Architecture: amd64
CheckboxSubmission: 07acc21e2cd262f4bfdaa4e25a19f966
CheckboxSystem: 2a6f54df59af338184485e85cbcf0d32
Date: Thu May 9 10:13:33 2013
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: fwlogwatch
UpgradeStatus: Upgraded to precise on 2012-06-05 (337 days ago)
mtime.conffile..etc.fwlogwatch.fwlogwatch.config: 2013-05-06T16:41:50.186316
** Affects: fwlogwatch (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug precise running-unity
--
bad timestamp parsing
https://bugs.launchpad.net/bugs/1178281
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
